Hi Hervé
Agree, and Jetty is used in Karaf/Pax Web/ServiceMix 3 and 4.
However, the Jetty versions that we ship are not affected (6.1.26 or 7.5.4).
Regards
JB
On 02/01/2012 10:08 AM, Hervé BARRAULT wrote:
Hi,
I would say the vulnerability will be in jetty bundle not Geronimo
(6.1.XX is included)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4461
Regards
On 1/31/12, Jean-Baptiste Onofré<[email protected]> wrote:
Ohh sorry Diwakar, you talk about ServiceMix 3.x.
Regarding ServiceMix 3.x and my previous e-mail, ServiceMix 3 uses the
same Geronimo components as ServiceMix components.
Regards
JB
On 01/31/2012 02:21 PM, diwakar wrote:
Hi,
>> ServiceMix embeds some Specs provided by Geronimo
If it is only specs, can we ignore this particular security
vulnerability from Servicemix pov.
With Best Regards,
Diwakar
--
View this message in context:
http://servicemix.396122.n5.nabble.com/Servicemix-3-x-Geronimo-Dependency-CVE-2011-5034-tp5443711p5444514.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
--
Jean-Baptiste Onofré
[email protected]
http://blog.nanthrax.net
Talend - http://www.talend.com
--
Jean-Baptiste Onofré
[email protected]
http://blog.nanthrax.net
Talend - http://www.talend.com
